...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C Coding Standard | INT13-C. Use bitwise operators only on unsigned operands | Prior to 2018-01-12: CERT: Unspecified Relationship |
CERT C | INT35-C. Use correct integer precisions | Prior to 2018-01-12: CERT: Unspecified Relationship |
CERT C | INT32-C. Ensure that operations on signed integers do not result in overflow | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TR 24772:2013 | Arithmetic Wrap-Around Error [FIF] | Prior to 2018-01-12: CERT: Unspecified Relationship |
CWE 2.11 | CWE-682 | 2017-07-07: CERT: Rule subset of CWE |
CWE 2.11 | CWE-758 | 2017-07-07: CERT: Rule subset of CWE |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-758 and INT34-C
Independent(INT34-C, INT36-C, MEM30-C, MSC37-C, FLP32-C, EXP33-C, EXP30-C, ERR34-C, ARR32-C)
CWE-758 = Union(INT34-C, list) where list =
- Undefined behavior that results from anything other than incorrect bit shifting
CWE-682 and INT34-C
Independent(INT34-C, FLP32-C, INT33-C)
CWE-682 = Union(INT34-C, list) where list =
- Incorrect calculations that do not involve out-of-range bit shifts
Bibliography
[C99 Rationale 2003] | 6.5.7, "Bitwise Shift Operators" |
[Dowd 2006] | Chapter 6, "C Language Issues" |
[Seacord 2013b] | Chapter 5, "Integer Security" |
[Viega 2005] | Section 5.2.7, "Integer Overflow" |
...